Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

EVPN

  • Support for EVPN route advertisements in EVPN-MPLS Inter-AS Option-C networks (MX204, MX304, MX960, MX10004, MX10008, and MX2020)—Starting in Junos OS Release 23.4R1, we have added support for EVPN route advertisements through an Inter-AS Option-C network. Configure the inet or inet6 statement at the [edit routing-options forwarding-table chained-composite-next-hop ingress labeled-bgp] hierarchy to enable a label-switched path (LSP) from ingress PE to egress PE.

    [See labeled-bgp.]

  • EVPN-VXLAN pure T5 host-route auto-generated community (EX4100-24T, EX4300-MP, EX4400-24MP, EX4400-24P, EX4400-48F, EX4400-48MP, EX4650, and MX960)—Starting in Junos OS Release 23.4R1, we added support for EVPN-VXLAN pure T5 host-route auto-generated community. This feature adds a community to MAC-IP ARP/NDP based pure Type 5 host routes. Border leaf devices in ERB topologies with Type 5 connectivity to other leaf devices in the data center and Type 5 connections to external networks need to advertise aggregate routes to the external network instead of individual Type 5 routes. Border leaf devices can use this community to identify these routes and create an aggregate route to advertise to external EVPN networks.

    [See EVPN-VXLAN Pure T5 Host-Route Auto-Generated Community]

  • EVPN E-LAN over SRv6 underlay (MX204, MX240, MX480, MX960, MX2008, MX2010, MX2020, MX10003, and MX10008)—EVPN E-LAN is a framework for delivering multipoint-to-multipoint VPN service with the EVPN signaling mechanisms. E-LAN service allows service providers to offer services that manage the L2 learning very efficiently. Starting in Junos OS Release 23.4R1, you can configure all-active multi-homed EVPN-ELAN service using segment routing over IPv6 (SRv6). To provide SRv6 service, the egress PE signals an SRv6 Service SID with the VPN route. The ingress PE encapsulates the Service SID in the VPN packet in an outer IPv6 header where the destination address is the SRv6 SID advertised by the egress PE and is routable in the underlay. The nodes between the PEs only need to support plain IPv6 forwarding. We support SRv6 micro-SID & Segment Routing Header (SRH) based control planes and forwarding. Different endpoint behaviors are defined for SRv6 services on the egress node.

    [See Configuring EVPN E-LAN over SRv6 .]

  • Static configuration of MAC-IP bindings with EVPN-VXLAN (EX4100-24MP, EX4300-MP, EX4400-48MP, EX4650, MX204, MX240, MX480, MX960, MX10004, MX10008, MX2010, and QFX10002-60C)—Starting in Junos OS Release 23.4R1, we’ve added the functionality to allow static configuration of MAC-IP bindings on an interface, similar to configuring static MACs on an interface. This feature enables the static configuration of IP and MAC entries for crucial services provided by management and infrastructure hosts. It proves particularly advantageous in Internet Exchange Point (IXP) networks where participant Customer Edge routers (CEs) remain well-known and static, not transitioning to different Provider Edge (PE) devices.

    You can now utilize a new feature that establishes a static link between an IP address and a MAC for a logical interface within a bridge domain or VLAN. When you provision a static MAC-IP entry on a PE, the PE will initiate a probe following an exponential backoff pattern. The probe will use an all-zero sender IP address on the associated interface. If the entity owning the IP to MAC entry responds to the probe, the system will learn the IP to MAC binding as static. Subsequently, it will be propagated to remote PEs through the BGP/EVPN Type 2 MAC advertisement route. The corresponding MAC will be recognized as a dynamic entry. If you want to deactivate the probing mechanism for learning the IP to MAC binding, you can do so by configuring a new configuration option [arp-nd-probe-disable]. Without probing, both the MAC and IP to MAC binding will be acquired from network traffic and communicated using EVPN.

    We’ve introduced the following commands and configuration statements:

    • Configuration of static IP to MAC bindings

      Note:

      A maximum of 8 MACs can be configured per static IP address.

      • QFX:

        set vlans vlan-name switch-options interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn]

      • MX instance-type virtual-switch:

        set routing-instances routing-instance-name bridge-domains bridge-domain-name bridge-options interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn]

      • MX instance-type evpn:

        set routing-instances routing-instance-name protocols evpn interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn]

      The aforementioned commands provide an option to configure router and override bits for IPV6 entries. For example:

      QFX:

      set vlans vlan-name switch-options interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn] <router | override>

    • Disable probing on configuration of static IP to MAC entries:

      To turn off the default probing on configuration of static IP to MAC entries, you can use the global configuration statement arp-nd-probe-disable.

      set protocols l2-learning arp-nd-probe-disable

    • Enable logging for failed probing of static IP to MAC entries:

      To turn on the logging, configure the global configuration statement arp-nd-probe-failed-log.

      set protocols l2-learning arp-nd-probe-failed-log

    • Enable GARP/unsolicited-NA for local and remote static entries

      If this feature is required, you must configure the global configuration statement garp-na-enable.

      set protocols l2-learning garp-na-enable

    • Disable dynamic learning [all static provisioning]

      If dynamic learning of MAC-IP entries is not required, configure the statement drop-unknown-macip under BD/VLAN.

      • QFX:

        set vlans vlan-name switch-options drop-unknown-macip

      • MX instance-type virtual-switch:

        set routing-instances routing-instance-name bridge-domains bridge-domain-name bridge-options drop-unknown-macip

      • MX instance-type evpn:

        set routing-instances routing-instance-name protocols evpn drop-unknown-macip

    • Drop unicast ARP request

      To drop unicast address resolution requests (for instance, NUD NS messages), you can configure the statement block-unicast-arp at global level for QFX and per BD level for MX.

      • QFX:

        set protocols l2-learning block-unicast-arp

      • MX instance-type virtual-switch:

        set routing-instances routing-instance-name bridge-domains bridge-domain-name bridge-options block-unicast-arp

      • MX instance-type evpn:

        set routing-instances routing-instance-name protocols evpn block-unicast-arp

    [See EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression and interface-mac-ip-limit.]